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Abstract 

A new algebraic Cayley graph is constructed using finite fields. It provides 
a more flexible source of expander graphs. Its connectedness, the number 
of connected components, and diameter bound are studied via Weil's esti- 
mate for character sums. Furthermore, we study the algorithmic problem of 
computing the number of connected components and establish a link to the 
integer factorization problem. 
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1. Introduction 

For a subset S of a finite abelian group T, the Cayley graph Cay(T, S) 
is the directed graph with vertex set T, and edge set {61 — > b 2 \bi — b 2 G S}. 
Cayley graphs play a central role in the construction of expander graphs. A 
randomly chosen Cayley graph Cay(T, S) often has good properties with 
non-trivial probability. However, deterministically constructing one such 
good graph is often more difficult. Typically one needs to assume addi- 
tional structure on the group T and its subset S. By an algebraic Cayley 
graph, we mean that T is the multiplicative group of a finite commutative 
ring and S C T is a subset with certain algebraic structure such as a box 
or an interval in some sense. The box algebraic structure makes it possible 
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to use powerful tools from number theory to prove conditionally (assuming 
some sort of Riemann hypothesis) that an algebraic Cayley graph Cay(T, S) 
does have the desired properties if the box is suitably large. In this way, 
algebraic Cayley graph provides a rich source of expander graphs. 

An important such example is given by Chung [l| who uses the multi- 
plicative group of a finite extension of a finite field and take the subset to be 
a line in certain sense. The advantage to work with a finite field is that the 
needed estimate can sometimes be proved using the celebrated Weil bound 
for curves over finite fields. In this paper, we introduce a more general con- 
struction using the multiplicative group of a finite field and taking the subset 
to be those elements represented by certain primary polynomials. 

Let F q be a finite field of q elements with characteristic p. Let f(x) be 
an irreducible polynomial of degree n > 1 over ¥ q . Our group T will be 

r> = (¥ q [x]/(f(x))Y = (¥ q [a])* = ¥* qn , a = x. 

The group is cyclic of order q n — 1. A polynomial g(x) G ¥ q [x] of degree 
d > is called primary if g(x) is a power of an irreducible polynomial. For 
1 < d < n, let Pd be the set of monic primary polynomials of degree d in 
¥ q [x\. Our subset S will be 

E d = {g(a)\geP d }cT f . 

Note that in the case d = 1, the subset E\ = a + ¥ q is a line in the n- 
dimensional ¥ q - vector space ¥ qn . 

Definition 1. Let Gd(n,q,a) be the Cayley graph CayiT f, Ed) with vertex 
set Tf and edge set {(3i — > folfa/Pi £ Ed}. 

It is clear that Gd(n, q, a) is a regular directed graph of order q n — 1 and 
its degree is given by 

k\d s\k 

where /x is the Mobius function. It should be noted that the graph Gd(n, q, a) 
depends not just on d, n, q but also on the choice of a (that is, the choice of 
the irreducible polynomial f(x) which is used to present the extension field 
¥ q n). In the case d — 1, Gi(n,qj%) reduces to Chung's graph in which 
has been studied extensively, see ji[ j3[ In this paper, we study the general 
d case. Our proof is more direct and uses Weil's bound for character sums. 
Our first result is the following theorem. 
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Theorem 2. Assume that n < q d l 2 + 1, then the graph Gd(n,q,a) is con- 
nected and its diameter D satisfies the bound 

n 431og(n-l) 
D<2- + 1 + 



d dlogq — 2 log(n — 1) 

In the case d — 1, this reduces to the diameter bound in [ij and [ij]. The 
above theorem gives a sufficient condition for the graph to be connected. If 
n > q d l 2 + 1, the graph Gd(n,q,a) is not always connected as the answer 
depends on the choice of a or the irreducible polynomial f(x). More precisely, 
we have 

Theorem 3. If £ > 1 is a divisor of the integer (q n — 1) such that n > 
2d + 2(\Pd\ + 1) log g £, then there is at least one a G ¥ qn of degree n such that 
the number of connected components of the graph Gd{n, q, a) is divisible by 
£. 

If q > 2, q n — 1 has the obvious divisor (q — 1) > 1. We obtain 

Corollary 4. Assume that q > 2 and n > 2d + 2(\Pd\ + 1). Then there is at 
least one a G ¥ q n of degree n such that the number of connected components 
of the graph Gd{n,q,a) is divisible by (q — 1). In particular, Gd{n,q,a) is 
not connected for at least one degree n element a. 

As \Pd\ ~ q d /d, the bound 2^ + 2(^^1 + 1) ~ 2q d /d is roughly the square 
of the bound q d ^ 2 in Theorem 2. This shows that the condition in Theorem 
2 is not too far from being sharp. For the remaining interval where 

q d ' 2 + l<n<2d + 2(\P d \ + 1) ~ 2q d /d, 

we have no results on the connectedness of the graph Gd{n,q,a). One 
does know the following crude combinatorial upper bound for the number 
Nd(n, q, a) of connected components of the graph Gd{n, q, a): 



N d (n, q, a) < 



q" - 1 



d 



(\Pd\+l\ 

see Theorem 14 in section 2. 

For a randomly chosen a, the graph G d {n, q, a) is connected with high 
probability. For example, this is the case if a is a primitive root of F*„. Un- 
fortunately, constructing a primitive root (or even an element of high order) 
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is a well known difficult problem in computational number theory. In practi- 
cal application, the difficulty is how to verify quickly that a given G^n, q, a) 
is connected and more generally how to quickly compute the number of its 
connected components, using the sparse input size (n\ogq)°^ of the graph 
Gd{n, q, a). Ideally, we would like to have a deterministic algorithm with run- 
ning time bounded by a polynomial in (nlogq) ^, to compute the number 
of connected components. In this direction, we have the following conditional 
result. 

Theorem 5. Assume that the factorization of q n — 1 is given. Then one 
can compute the number of connected components of Gd{n, q, a) in time 
(nlogg) ^. 

It would be of great interest to remove the factorization assumption in 
the above theorem. The graph Gd(n, q, a) provides a new source of expander 
graphs, see the last section. We have 

Theorem 6. Let 5 be a constant with < 5 < 1. Assume that (n + d—1) < 
q d / 2 [\ — §y Then the graph Gd(n,q,a) is an expander graph. 

Remarks. In our construction of the Cayley graph Gd{n,q,a), we took 
the subset E d to be the set of all monic primary polynomials of degree d. It is 
also natural to take the subset to the set of all monic irreducible polynomials 
of degree d or the set of all monic irreducible polynomials who degree divides 
d. The resulting graph would have similar quality asymptotically. However, 
our choice of the subset in this paper makes the proofs simpler and cleaner 
with the results slightly better. 

2. The number of connected components 

Our key technical tool is the following Weil bound for character sums, see 
Theorem 2.1 in 

Lemma 7. Let \ '■ T/ — > C* be a non-trivial character. Then, we have the 
estimate 

\J2H9)x(g(a))\<(n-i)Vq~ d , 

geP d 

where A(g) is the von-Mangold function and it is equal to the degree of the 
unique prime factor in g. 
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Theorem 8. If n < q d l 2 + 1, then G d (n,q,a) is connected. 

Proof. If the graph Gd(n, q, a) is not connected, then E d generates a proper 
subgroup H of T/. Let 

be a non-trivial character of T/, trivial on H. Then by the Weil bound in 
Lemma 7, 

Q d = E A ^) = I E A (9)x(g(a))\ < (n - 1)>/?. 

It follows that n > q d/2 + 1. □ 
The next result shows that the condition n < g d//2 + l in the above theorem 
is not too far from being sharp. 

Theorem 9. If t > 1 is a divisor of (q n — 1) such that n > 2d + 2(|P (J | + 
1) log 9 £, then there is at least one a G ¥ qn of degree n over ¥ q such that the 
number of connected components of the graph Gd(n, q, a) is divisible by £. 

Proof. Let 7r n denote the number of monic irreducible polynomials of degree 
n in F q [x] . It is easy to check that 

K- q -\<- E ?*<V 2 . 

k\n,k<n/2 

The number of degree n elements in ¥ qn is nn n . The number of elements in 
¥ q n which are in a proper subfield of F a n IS 

( E l) = l^n-g n |<2g"/ 2 . 

deg(a)<rt 

Let H be the subgroup generated by g(a) for g G Pa- It is clear that the 
number of connected components of the graph Gd(n,q,a) is equal to the 
index [F*„ : H]. 

For a divisor £ > 1 of q n — 1, let He denote the unique subgroup of index 
£ in the cyclic group F*„. The group H e consists of £-th power of elements 
in F*„. Let Id denote the set of monic irreducible polynomial g in ¥ q [x] such 
that deg(g) divides d. Every element of Pa is an integral power of an element 
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in Jrf. Furthermore, \Ia\ = \Pd\- If a is a degree n element in ¥ q n such that 
g(a) G Hi for all g G Id, then H is a subgroup of iZg and thus the number of 
connected components of Gd{n, q, a) is 

[F* n : iZ] = [F* n : : #] = : iZ] 

which is divisible by I. Let 

JV< = {aG F g n| deg(a) = n, g{a) e H t Vg G J d }. 

To prove the theorem, it is enough to prove that Ni > 0. A standard char- 
acter sum argument shows that 

£^N e = J2 IIExifoW) 

deg(a)=n ge/ d x 3 =1 

= e e n*^^ 

Xg=l>fleJd deg(a)=n ge/ d 

where x 9 denotes a character of F*„ . In the case that \g — 1 f° r & h <? G Z d , the 
inner sum is the number mr n of degree n elements in ¥ q n. In all other — 1) 
cases, there is at least one g G Id such that \ g is a nontrivial character. In 
such a case, the standard Weil character sum bound (see Corollary 2.3 in jij) 
implies 

i e n^(«))i = ieii*))- e n^(^))i 

deg(a)=n ge/ d a£F q n ge/ d deg(a)<n 96/ d 

< ((EdegG?))-i)g" /2 + E 1 

gel d deg(a)<n 

< (q d ~ l)q n/2 + 2q n/2 
= (q d + l)q n/2 . 

Putting these together, we deduce that 

S^N e > ri7t n - - l)(q d + l)q n l 2 

> q n - 2q n/2 - (l^ - l)(q d + l)q n/2 

> q n - £\ Id \q d + l)q n/2 

> q^ +d (q 2 i- d - £ ]Idl+1 ). 
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Solving the inequality 

> £\I d \+\ 

one obtains the condition 

n>2d + 2(\I d \ + l)log q £. 

Since \I d \ = \Pd\, the theorem is proved. □ 
In the case d — 1, we have = |Pi| = q. This gives the following result. 

Corollary 10. If £ > 1 is a divisor of the integer q n — 1 such that n > 
2 + 2{q + 1) log q £, then there is at least one degree n element a in ¥* n such 
that the graph Gi(n,q,a) is not connected. 

The above theorem shows that the graph Gd(n, q, a) is not always con- 
nected. It depends very much on the choice of a. An interesting question 
is to find a fast algorithm, with running time bounded by a polynomial in 
(nlogg) ^ 1 ^ to compute the number of connected components. In this direc- 
tion, we have the following conditional result. 

Theorem 11. Assume that the factorization of q n — 1 is given. Then one 
can compute the number of connected components of Gd(n, q, a) in time 
(nlogqfW. 

Proof. We may assume that n > q d ^ 2 + l, otherwise Gd(n, q, a) is already 
connected. Let 

9 "-i = rf i ...^ff« = {fNF;„}. 

The iJj's are the maximal subgroups of F*„. The graph Gd(n,q,a) is dis- 
connected if and only if the subgroup H =< g(a)\g G Pd > is contained in 
Hi for some i. This is true if and only if 

gM^-V* = l,Vg e P d . 
The elements of P d can be listed in time q d {n 

logg)O(i). Note that 

max{s, (ki H h k s ),q d } < n 2 logq. 

It follows that one can check if there is 1 < i < s such that H C Hi in time 

sq d (n\ogq)° {1) = (nlogg)° (1) . 
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If H ^ Hi for 1 < i < s, then H = Tf and the graph is connected. Otherwise, 
we can assume that H C Hi for some given i. 
The group Hi is cyclic of order 

q n — 1 

Pi 

Its maximal subgroups are H^ = {(3 PtPj \(3 e T f } = {f3 Pj \f3 e Hi}, where 
PiPj\(q n — 1). Similarly we have H C if^ for some j if and only if 

^(a)«"i = 1,V 5 G P d . 

Again, we can check if there is 1 < j < s such that if C H^ in time 

sg d (nlogg)° (1) = (nlogg)° (1) . 

Continuing in this fashion, eventually one finds that H = H ili2 ... iu , and thus 
the number of connected components is [Ff : H] — ■ • • p iu . The total time 
needed is bounded by 

(ki H h k s )q d (n log q)° (1) = (n log . □ 

Corollary 12. TTie number of connected components of Gd(n,q,a), which 
is the index [Tf : H], can be computed in time 0(q n ^ 4 ). 

Proof. By the well known LLL lattice factorization algorithm, q n — 1 
can be factored in time 0(q n ^). □ 

Corollary 13. Ifn is even, the number of connected components ofGd(n, q, a) 
can be computed in time 0(q n ^ 8 ). 

Proof. q n — 1 = (g™/ 2 — l)(g n / 2 + 1) can be factored in time 0(q n ^ s ). □ 
Let N d (n, q, a) denote the number of connected components of the graph 
Gd(n,q,a). An interesting problem is to give a good general upper bound 
for Nd(n, q, a), which is uniform in a. In this direction, we have the following 
simple crude upper bound. 

Theorem 14. 

q n - 1 
N d (n,q,a) < t^-- 
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Proof. Let H be the subgroup generated by {g(a)\g G P d }- Since a has 
degree n, the unique factorization of polynomials implies that the elements 

Ti 

9i(a) ■ ••g k (a),ti < k < [-] - 1, {5-1, • • • ,g k } C P d 
are distinct elements of H . This proves 

\H\ > 

It follows that 



P d \ + l 



a n - 1 o r ' 
iV d (n, g, a) = [r> : //] = \— < 



\H\ ~ (\ p d\+ 1 )' 

The theorem is proved. □ 



3. The diameter 

The diameter of Gd(n, q, a) is the minimal integer D (or 00 if it does not 
exist) such that every element in Tf can be written as a product of at most 
D elements in E d . 

Theorem 15. Assume that n < q d / 2 + 1. The diameter D of Gd(n, q, a) 
satisfies the inequality 

n , 1 , 42 log(n-l) 



D < 2- + 1 + 



<i (ilogg — 2 log(n — 1) 

Proof. Let T/ be the character group of the multiplicative group Tf = 
¥*„, which is the set of homomorphisms from Tf to C*. For integer k > 
and P G Tf, let N k (/3) be the number of solutions of the equation 

P = 9i(a)g 2 (a) ■ ■■g k {a),g i G P d . 

It is clear that 

w) = i^i E E^( gl(a) 7 9t(Q) )- 

si,— ,9k£Pd xef} 
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To show that the diameter D is bounded by k, it is enough to show that 
Nk(P) > for all j3 G Tj. For our purpose, it is simpler to work with the 
following weighted sum 

»wi^ E A ( ^--Ate)X>( 9l(a) 7 t(a) ). 

9i,— >9k€ p d X£ r / 

Note that Nk(f3) > if and only if Mk((3) > 0. Now, separating the trivial 
character, we obtain 



y y gi,-,g k ePd Xt^i 

= ^ + ^riEx- 1 (/3)(E A (^(«)))*- 

Applying the Weil bound in Lemma 7, we deduce that 

kd 

In order for M k (/3) > for all /3, it suffices to have the inequality 

q kd > q n (n - l) k q kd/2 , 

that is, 

q kd-2n >( n _ lfk_ 

This is satisfied if 

k > 2n = n_ + 4* log(n - 1) 



d — 2 log g (n — 1) d dlogq — 2 log(n — 1) ' 

The theorem is proved. □ 
For a proper divisor d of n, we now make some comparisons between 
Chung's graph j3) and our more general construction Gd{n,q,a), 

where (3 is a root of an irreducible polynomial of degree n/d in F ? d[a;] and ct 
is a root of an irreducible polynomial of degree n in F g [x]. It is clear that 
both graphs have q n — 1 vertices. Assume that n < q d ^ 2 + 1. In this case, 
both Gi(^,q d , (3) and Gd(n,q,a) are connected, and their diameter bounds 

n 42 1og(2-l) n 42 1og(n-l) 

D 1 <2- + 1 + - — d °V d ,/ - , £> 2 <2- + l + 



d dlogg-21og(2-l)' '~ d dlogq - 21og(n - 1) 
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are comparable. But Gi(^, q d , a) is q d — regular and Gd(n, q, a) is |Pd|-regular, 
where \Pd\ ~ ^- < g d . Thus, Gd(n,q,a) can be significantly better than 
q d , a) if n < q d ^ 2 + 1, since Gd(n, q, a) has far fewer edges. 

Corollary 16. If q d > (n - 1)^ +2 , then D < 2~ + 1. 

If q is sufficiently large, it may be possible to improve the above diameter 
bound to D < ^ + 2. This is indeed the case for d = 1, as shown by Katz 0] 
and Cohen [if. 

A computational question is to ask for a fast algorithm, with running 
time bounded by 0(n log q) 0<yl \ to compute the diameter D of the graph 
Gd{n,q,a). This is expected to be a very difficult problem. Even assuming 
the factorization of q n — 1, we still do not know a fast algorithm to compute 
the diameter. We believe that computing the diameter is related to the 
discrete logarithm problem and the subset sum problem, both are difficult 
problems used in cryptography. 



4. Expander graphs 

In this section, we show that our graph Gd(n, q, a) has good expanding 
properties. The adjacency matrix M = (m^^) is a (q n — 1) x (q n — 1) matrix, 
where the entry = 1 if (3i — > fa is an edge and it is zero otherwise. 

The adjacency operator M acts on the (q n — l)-dimensional complex vector 
space C r/ of functions on Tf. If h(x) is a complex function on Tf, then 

M(h)(x) = J2 h (y) = $>(^(a)), 

where y runs over all elements of Tf such that x — > y is an edge of Gd{n, q, a). 
If h(x) = xi x ) is a multiplicative character of Tf, then one checks that 

gePa 

where 

This shows that each character \ is an eigenvector of the operator M. By 
Artin's lemma, the set of characters on Tf is C-linearly independent. Since 
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the number of characters is equal to q n — 1, it follows that C Vf has a basis 
consisting of the eigenvectors x °f > where \ runs through all characters 
of Ff. If x is a character which is trivial on the subgroup generated by 
H =< g(a)\g e Pd > of T/, then the eigenvalue 

A d ( X ) = J2 1 = l Prf l 

which is the trivial eigenvalue \ tr i V — \Pd\- If X is a character which is non- 
trivial on H, its eigenvalue is called a non-trivial eigenvalue which satisfies 
the bound 

\UX)\ = |£x(</(a))| 
gePd 

y uiinii/in]i+ » it — 

d 



< 



c/ePd geP d ,A(g)<d 



geP d Mg)<d 



o a 



Since 



we deduce 



<?eP d 3 eP d 



Theorem 17. Let S be a constant with < 5 < 1. Assume that (n + d—1) < 
q d l 2 (\ — S). Then each non-trivial eigenvalue A o/ £/ie adjacency operator M 
for the graph Gd(n, q, a) satisfies the bound 

\\\<^(l-8)<\P d \(l-8) = \ triv (l-8). 

In particular, the graph Gd(n, q, a) is an expander graph. 

Note that the number of connected components of Gd{n, q, a) is equal to 
the multiplicity of the trivial eigenvalue \Pd\ of the adjacency matrix M. If 
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one uses the matrix M and linear algebra directly to compute the number 
of connected components, then the running time will be 0(q n )°( 1 \ which is 
fully exponential in terms of nlogg. This trivial algorithm is far slower than 
the conditional result in Theorem 5. 

Finally, we explain that it is best to view our graph Gd{n, q, a) as a 
weighted graph. For this purpose, let G* d {n, q, a) be the weighted graph 
with the same vertices and edges as Gd{n,q,a). Given an edge /?i — > P2 hi 
G* d (n, q, a), we define the weight of the edge fii — > P2 to be A^fa/Pi) = A(g), 
where P2/P1 = g{oi) for a unique monic primary polynomial g G Pd- The 
weighted adjacency matrix M* = (m^ 2 ) is a (g n — 1) x (q n — 1) matrix, where 
the entry m^ 2 = A(/3 2 //3i) if fi\ — > fii is an edge and it is zero otherwise. 
The adjacency operator M* acts on the (q n — l)-dimensional complex vector 
space C Ff of functions on Tf. If h(x) is a complex function on Tf, then 

M*(h)(x) = 5>(|)%) = J2 A (9)Kxg(a)), 

x^y gePd 

where y runs over all elements of Tf such that x — > y is an edge of G* d (n, q, a). 
If h(x) = x{ x ) is a multiplicative character of Tf, then one checks that 

where 

s d ( x ) = J2 A ^)x(g^)). 

g&Pd 

This shows that each character x is an eigenvector of the operator M*. If x 
is a character which is trivial on the subgroup generated by H =< g(a)\g e 
Pd > of Tf, then the eigenvalue 

s*(x) = E A (^) = Q d 

geP d 

which is the trivial eigenvalue \ tr i V = q d - If x is a character which is non- 
trivial on H , its eigenvalue is called a non-trivial eigenvalue which satisfies 
the bound 

\s d {x)\ = I £ A(g)x(g(a))\ <(n- 

gePd 

We obtain 
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Theorem 18. Let 5 be a constant with < 5 < 1. Assume that (n — 1) < 
g d / 2 (l — 5). T/ien each non-trivial eigenvalue A of the adjacency operator M* 
for the weighted graph G* d {n, q, a) satisfies the bound 

\M<Xtriv(l-S). 

In particular, the weighted graph G^(n, q, a) is an expander graph. 

The condition (n — 1) < g d//2 (l — 5) in this weighted theorem is weaker 
and simpler than the condition {n + d — 1) < q d ^ 2 (l — 5) in the previous 
un-weighted theorem. 
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